VDB
GCVE-110-OSM-2026-3310
GCVE-110-OSM-2026-3310
Advisory PublishedCVSS 8.8/10
Malicious VSCode tasks.json that installs malware on user device, when the repository is opened on Visual Studio Code.
The URL in tasks.json file uses URL shortner, however the attacker payload is hosted on 165[.]140[.]86[.]190. The URL shortner technique was reported in OSM as part of TasksJacker Campaign, where the final payload is obfuscated JS malware.
IOCs:
- url: http://165.140.86.190:3000/task/mac?token=90284f1ceaa2
- url: http://165.140.86.190:3000/task/linux?token=90284f1ceaa2
- url: http://165.140.86.190:3000/task/windows?token=90284f1ceaa2
- url: https://locservice.short.gy/ZRsvn1k9m
- url: https://locservice.short.gy/ZRsvn1k9l
- url: https://locservice.short.gy/ZRsvn1k9w
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | all (affected) | — |
References
Malicious package:
advisory
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.